Changes to Default Behavior in GlobalProtect App 6.0.11
You can now use the new system extension type
Non-removable system
extensions from UI introduced by Jamf Pro for the devices running on
macOS 15 Sequoia or later versions
to prevent the end users from disabling the
GlobalProtect system extensions on the endpoints. GlobalProtect app
version 6.0.11 and later supports macOS 15 Sequoia. This functionality is available
only for the devices running on macOS 15 Sequoia or later versions.
You can configure this feature to prevent the end users from disabling GlobalProtect
system extensions on their endpoints thereby reducing the risks associated with
disabled system extensions.
Previously, end users could disable the GlobalProtect system extension through the
MDM settings (.) However, with this new feature, the Non-removable system
extensions from UI system extension type in Jamf Pro restricts users
from disabling the GlobalProtect system extension.
To enable this functionality, you must perform the following procedures:
- Upgrade the GlobalProtect app to version 6.0.11 or later
- Upgrade the macOS to version 15 Sequoia or later
- In the mobile device management (MDM), Jamf Pro, set the System
Extension Type as Non-removable system extensions
from UI while configuring Configuration
Profile.
If the GlobalProtect system extensions are disabled by the end-user, the following
GlobalProtect features do not work:
- Enforcer
- Split-tunnel by domain
- Split-tunnel by app
- Split-DNS
- Traffic Enforcement
